chromium/third_party/blink/web_tests/external/wpt/fenced-frame/ancestor-throttle.https.html

<!DOCTYPE html>
<html>
<title>Test frame-ancestor</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<body>

<script>
async function runTest(embed_url,
    cross_origin_to_top_level_fenced_frame, cross_origin_to_top_level_iframe,
    expected_result) {
  const ancestor_key = token();

  // Generate the url for the top level fenced frame, including the information
  // needed to pass on to its nested iframe
  const origin = get_host_info().HTTPS_REMOTE_ORIGIN;
  let fenced_frame_url = generateURL(
      "resources/ancestor-throttle-inner.https.html",
      [ancestor_key, embed_url, cross_origin_to_top_level_iframe], true);
  if (cross_origin_to_top_level_fenced_frame)
    fenced_frame_url = getRemoteOriginURL(fenced_frame_url, true);

  const fenced_frame_config = await generateURNFromFledgeRawURL(
      fenced_frame_url, [], true);

  attachFencedFrame(fenced_frame_config);

  // There is no API to observe whether the document in the FencedFrame loaded
  // or not. Instead, set up a timeout. If the document loads, "loaded" will be
  // sent to the server. Otherwise "blocked" will be sent after 3 seconds.
  step_timeout(() => {
    writeValueToServer(ancestor_key, "blocked");
  }, 3000);

  // Get the result for the fenced frame's nested iframe.
  const fenced_frame_result = await nextValueFromServer(ancestor_key);
  assert_equals(fenced_frame_result, expected_result,
      "The inner iframe was " + expected_result + ".");
}

promise_test(async () => {
  return runTest("fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-csp.https.html",
      true, false, "blocked");
}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
    "CSP frame-ancestors headers up until the fenced frame root");

promise_test(async () => {
  return runTest("fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-csp.https.html",
      true, false, "blocked");
}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
    "XFO SAMEORIGIN headers up until the fenced frame root");

promise_test(async () => {
  return runTest("fenced-frame/resources/" +
      "ancestor-throttle-iframe-csp.https.html", true, true, "loaded");
}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
    "CSP frame-ancestors headers up until the fenced frame root");

promise_test(async () => {
  return runTest("fenced-frame/resources/" +
      "ancestor-throttle-iframe-xfo.https.html", true, true, "loaded");
}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
    "XFO SAMEORIGIN headers up until the fenced frame root");

promise_test(async () => {
  return runTest("fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-csp.https.html",
      false, true, "blocked");
}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
    "honor CSP frame-ancestors headers up until the fenced frame root");

promise_test(async () => {
  return runTest("fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-csp.https.html",
      false, true, "blocked");
}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
    "honor XFO SAMEORIGIN headers up until the fenced frame root");
</script>
</body>
</html>